3D Secure is not secure

Some researchers at Cambridge University say that Verified by Visa and Mastercard Secure Code have security problems.

There's nothing new here for anyone who has been following this group, but it is still an interesting read.

Reply to
Jonathan Bryce

Yes, interesting that the author of the latter works for Cronto, who are trying to flog an alternative transaction verification system.

There seem to be a lot of theoretical scenarios where customers could be defrauded and not get their money back, but how many times has this actually happened in the real world and is it any worse than before? It was just the same when cash machines first came out, credit cards, online banking, chip & pin etc.

Reply to
Andy Pandy

And they make the common assumption that vendors/card processors using this system actually serve the form from Cyota. Many of them don't, or at least didn't, including major card processors, and British Gas. They copy the form into their own page, and go man in the middle on the outbound leg.

Reply to
David Woolley
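
The difference described in the post above, between a password form served by the issuer's provider and one copied into the merchant's own page, can be checked from the checkout HTML. This is an added example, not part of the thread; the host names, URL and sample pages are constructed placeholders.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Assumption: placeholder host(s) allowed to serve the issuer's password form.
ISSUER_HOSTS = {"acs.issuer.example"}

def host_of(base, ref=""):
    """Hostname that `ref` resolves to relative to `base`, lower-cased."""
    return (urlsplit(urljoin(base, ref)).hostname or "").lower()

class _Audit(HTMLParser):
    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.form_host = None    # where the currently open <form> submits
        self.inline_posts = []   # submit hosts of password fields in this document
        self.frame_hosts = []    # hosts of embedded frames

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        if tag == "form":
            self.form_host = host_of(self.page_url, a.get("action", ""))
        elif tag == "iframe":
            self.frame_hosts.append(host_of(self.page_url, a.get("src", "")))
        elif tag == "input" and a.get("type", "").lower() == "password":
            self.inline_posts.append(self.form_host or host_of(self.page_url))

    def handle_endtag(self, tag):
        if tag == "form":
            self.form_host = None

def audit_checkout(page_url, html):
    """Classify who receives the cardholder's password on a checkout page."""
    p = _Audit(page_url)
    p.feed(html)
    if p.inline_posts and host_of(page_url) not in ISSUER_HOSTS:
        # The field lives in the merchant's own document, so the merchant's
        # scripts and server can see the password wherever the form posts.
        return {"verdict": "merchant-collects-password",
                "posts_to": sorted(set(p.inline_posts))}
    if any(h in ISSUER_HOSTS for h in p.frame_hosts):
        return {"verdict": "issuer-served-frame", "posts_to": []}
    return {"verdict": "no-password-form", "posts_to": []}

# Constructed sample pages (not captured from any real merchant).
MERCHANT_URL = "https://shop.merchant.example/checkout"
COPIED_FORM = ('<form method="post" action="/checkout/3ds-forward">'
               '<input type="password" name="vbv_password"></form>')
FRAMED_FORM = '<iframe src="https://acs.issuer.example/auth?txn=constructed"></iframe>'
```

A copied form is flagged even when its `action` points straight at the issuer host, because the password is still typed into a document the merchant controls.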

David Woolley wrote

VBV is a PITA. I use Firefox with the No-script plug-in and VBV usually fails due to the way it is implemented.

Anyway, even when it works, it fails to recognise my password, so I go for the "not yet enrolled" option and knock up a pwd there and then. They have dozens of passwords for me now, and I am sure I am not alone.

Reply to
Postman Pat

Bitstring , from the wonderful person Postman Pat said

Me too, mostly caused by the fact that my wife and I had joint cards and she could never remember the password I used, nor I the one she set (assuming even she could remember it).

The Mastercard version, whatever it is called, doesn't seem to understand the concept of two different users with same card number (which I guess is Capital One's fault ... most other card issuers give secondary card a different number).

Reply to
GSV Three Minds in a Can

GSV Three Minds in a Can :

Same here. We both have our password "systems" and they're incompatible. I don't approve of hers and she wouldn't understand mine. It beggars belief that we can't each have our own passwords, as one can (must do, in fact) with every joint account online banking system I've ever used.

Interesting. I've had several credit cards (Visa and MasterCard) with SWMBO as a second cardholder and in every case the card number (and, since its introduction, the CVV2) have been the same. Madness.

I'm no expert but the first time I saw "Verified by Visa" I thought "if this isn't a scam, it's utter madness".

Reply to
Mike Barnes

Bitstring , from the wonderful person Mike Barnes said

IIRC Barclaycard and Amex both have different card numbers, CVVs etc for the second cardholder.

Reply to
GSV Three Minds in a Can

GSV Three Minds in a Can :

It's good to know that some people do it right, and I'll bear that in mind next time I consider changing. As it is I get nearly £500 a year cashback on my Capital One card so I'm probably not going to be switching until they decide to turn the tap off.

Reply to
Mike Barnes

You don't need to worry, because banks are fine institutions and they are always the first to admit to their mistakes and to refund monies wrongly taken from their customers' accounts and they would never dream of prosecuting a customer for complaining about phantom withdrawals.

Reply to
S

I was able to reset my password using my birthdate but I was shocked to learn that in some cases even that's not required. The best strategy is then to set up a new password each time, since a thief could have set up the new password as well.

Reply to
S

Nah, they're all bastards - don't trust them. Insist on getting paid in cash and shove it all under the mattress. Much safer.

Reply to
Andy Pandy

I might be missing something - but WTF is the point of VBV if you can simply set up a new password each time? I thought the idea was you registered a password against a card and you could then only use that card for online purchases with that password.

Only one of my cards has insisted on me registering, I've not used it since the initial registration.

Reply to
Andy Pandy

Bitstring , from the wonderful person Andy Pandy said

You need a LOT of extra information to set or reset a password. Phone numbers, CVV number, inside leg measurements, and all sorts.

Reply to
GSV Three Minds in a Can

GSV Three Minds in a Can wrote

You don't reset the pwd; you create a new one every time.

You need the CC security code, your DOB, the way your name is written on the CC, and you make up a fresh password there and then :)

At least that's what one does with MBNA. I do this every time I use the card with a merchant who uses VBV.

It's a stupid system.

Reply to
Postman Pat
